Attempting the number of times to create an almost perfect htaccess
- Google ranks higher sites that load faster.
- If on eBay or Amazone to increase the loading time of pages by 9%, they lose 1% of the profits.
- Make your website faster to save on client traffic and on the number of calls to the server. .htaccess is our hero
Professionals know what htaccess is.
Those who are going to leave with narod.ru on php-hosting just have to find out what it is.
Those who have just installed their first jooml or wordpress urgently need to learn about our hero - htaccess
Why do we need .htaccess?
Imagine that you bought a hosting and it seems that you have almost found happiness. But once (and maybe twice, and maybe three times) your site stops responding. It starts to slowly boot and generally behave strangely. And virtual hosting is such a tricky thing, that besides your website there are two dozen other sites on this server. They are all different in power, organization and traffic. And when your neighbor accidentally, and maybe intentionally runs on his hosting complex or redundant scripts in the algorithms, it responds to you.
')
Or another example. Let's say your resource begins to gain popularity, but it is still too early to move to a dedicated server, and the capacity of the VPS is not enough. You can really help out htaccess.
And htaccess can solve some issues with the security of your site.
And also ...
I want the perfect .htaccess!
It turns out on the Internet a lot of different conflicting information on how to use. Htaccess. It took a long and tedious experiment to understand what is true and what is false. In most cases, the authors of the councils in their blogs forget to mention that one or another Apache module is needed for certain conditions to work.
But enough words, it's time to work. Let's try to create an almost perfect .htaccess
1. The first line sets the main options:
Options All -ExecCGI -Indexes -Includes +FollowSymLinks Using the options is very convenient when you do not have access to Apache configuration or you need different Apache settings for different sites on the same server.
The option -ExecCGI prohibits running CGI scripts. It is better to allow only for specific folders. Increase safety.
The -Indexes option prohibits showing the contents of directories if there is no index file in them. On shared hosting is usually enabled by default. By changing the minus to plus + Indexes, on the contrary, you can allow viewing the contents of the directory (or directories).
The -Includes option disables SSI. If you do not know what it is - prohibit it (You can index ( ! ) On request Server Side Include if you want to know more about this). You can use the IncludesNOEXEC option, which allows SSI to be used without running scripts.
The + FollowSymLinks option allows you to use symbolic links to files or directories that are not within the root of your site.
Note
You can use htaccess with different settings for different directories. At the root of the site you can declare -Indexes, and in the selected directories create another .htaccess file and declare + Indexes in it. Remember that the options htaccess spreads from top to bottom on the directory tree to the deepest nesting, until they are canceled by other htaccess.
It is not necessary to list all the options in the child .htaccess completely if they do not change. It is enough to specify (reassign) only those options and directives that change. The remaining options are also inherited from the parent.
It is not necessary to list all the options in the child .htaccess completely if they do not change. It is enough to specify (reassign) only those options and directives that change. The remaining options are also inherited from the parent.
Example
Let's say you have this way / site / folder_one / subfolder / other /
In the file /site/.htaccess you specify:
In the file /site/folder_one/.htaccess you specify:
In the file /site/folder_one/subfolder/.htaccess you specify:
Get this:
Files of any content will be displayed in the site folder, unless you directly access them. Or an index file, if not explicitly referring to one of the files. In the absence of the index file received 403 error.
Access to the folder_one folder is closed. Even if you know the name of the file and type it in the address bar in response, the server will return error 403.
The subfolder folder is allowed for referrals to a direct address, or in the absence of an index file will show the contents of the directory. The same rights apply to the other folder.
If you remove the file, htaccess from the folder_one folder, it will inherit the rights from the parent site.
In the file /site/.htaccess you specify:
Options -Indexes Allow from all In the file /site/folder_one/.htaccess you specify:
Deny from all In the file /site/folder_one/subfolder/.htaccess you specify:
Options +Indexes Allow from all Get this:
Files of any content will be displayed in the site folder, unless you directly access them. Or an index file, if not explicitly referring to one of the files. In the absence of the index file received 403 error.
Access to the folder_one folder is closed. Even if you know the name of the file and type it in the address bar in response, the server will return error 403.
The subfolder folder is allowed for referrals to a direct address, or in the absence of an index file will show the contents of the directory. The same rights apply to the other folder.
If you remove the file, htaccess from the folder_one folder, it will inherit the rights from the parent site.
2. A bit of SEO (where to go without it)
<IfModule mod_rewrite.c> RewriteEngine on RewriteBase / RewriteCond %{HTTP_HOST} ^black-web RewriteRule (.*) http://www.black-web.ru/$1 [R=301,L] RewriteCond %{THE_REQUEST} ^[AZ]{3,9}\ /index\.php\ HTTP/ RewriteRule ^index\.php$ http://www.black-web.ru/ [R=301,L] </IfModule> Be sure not to forget about the condition <IfModule mod_rewrite.c>. Do not be at the host of this module and your site will produce a 500th error. This particular module is included in the default Apache build. Well, what if ... Hosters and their admins are all sorts.
In this part, the benefits are more for SEO. The rewrite module, as its name implies, deals with redirections (hello to Cap) .
In this part of the file, we indicated two gluing: we glued your_site and www.your_site, even if the user type your website without WWW, transfer it to 301 with a redict on www.your_site .
And also we got rid of /index.php in the query string. If the user types www.your_site/index.php, he will transfer it (again 301 rerunders) to www.your_site
Now search engines will not be confused between www and will not duplicate the main page in the indexing results of your site. We google seo gluing domain if you do not understand why it is needed.
3. Who is in the main folder?
If you have a folder there are index.html and index.php files (I don’t know why and who needed it, but have seen it more than once) then how to tell the server who they are more index?
DirectoryIndex index.php And you can also specify there we say roosso.php and then typing in the request line the address of the website.bla / bla / bla / you will see not the index, but the roosso
4. More settings ...
<IfModule mod_setenvif.c> SetEnv TZ Europe/Moscow </IfModule> ServerSignature Off AddDefaultCharset UTF-8 The first line sets the time zone. For example, in Apache 2.22.22 there was a bug associated with this option. Time functions in php did not work until you set the time zone.
The second line is the server signature. You have seen them more than once on any system pages like the 500th error or 403s. Usually there is some technical information and mail webmasters. I prefer even in such trifles to hide data about the software on the server. Colleagues paranoid support me.
Guess what the third line does?
5. When there is no access to php.ini
With .htaccess, we can also manage a number of PHP settings. On the virtual hosting, as a rule, there is no possibility to change the settings of php.ini. Most often this is not required. But still there are a number of options control over which may be useful to us. For example, increase the limit on downloading files, or the transfer limit of this method POST.
<ifModule mod_php.c> php_value upload_max_filesize 32M php_value post_max_size 10M php_value default_charset utf-8 php_value max_execution_time 200 </ifModule> The first line allows you to upload files up to 32 megabytes. By default, php is usually 8 or 16 megabytes.
The second line allows posting up to 10 megabytes. The default value is usually 2 megabytes.
The third line sets the encoding used by your scripts. At its core, it duplicates the line: "AddDefaultCharset UTF-8." But I often resort to installing the encoding via php.
The fourth line we change the time limit allocated to the execution of the script. By default, it is usually 30 seconds. But sometimes it takes more time to perform some complex processing.
6. Types of files. Sleight of hand and not any fraud.
In my practice it happened a couple of times that after any update by the software provider, the file types flew. Although this is rare. For 10 years, just two cases. But sometimes I needed to make html work like php. And sometimes you want to teach the Apache to distinguish between types of files that he does not know. (As it turned out, Apache doesn't know much about rare file types.) In this situation, the following code will save us:
AddHandler application/x-httpd-php .html AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi AddType application/x-javascript .js AddType text/css .css AddType text/xml .xml AddType application/octet-stream .doc .mov .avi .pdf .xls # ForceType application/x-httpd-php The first line will allow our php files to have the html extension, but run as php. It is useful in many cases. And in the good old when the search engines indexed CNC better, such a line always came to the rescue.
We can reassign, add or replace any file types under permissions that are convenient for us.
Interesting trick
By the way, you can easily write for example the following line:
Then rename all your files by changing the extension to .i (without forgetting links, of course) and the file addresses on your site will not be site.my / index.php? Uri, but website.my / index.i? Uri
For example, I am writing
and create the alex.roosso file in the root of my site inside a regular php code. This is kind of like a favorite page about me. And in the address bar it will look like www.black-web.ru/alex.roosso (link is working, you can see what it is).
AddHandler application/x-httpd-php .i Then rename all your files by changing the extension to .i (without forgetting links, of course) and the file addresses on your site will not be site.my / index.php? Uri, but website.my / index.i? Uri
For example, I am writing
AddHandler application/x-httpd-php .roosso and create the alex.roosso file in the root of my site inside a regular php code. This is kind of like a favorite page about me. And in the address bar it will look like www.black-web.ru/alex.roosso (link is working, you can see what it is).
The second line indicates which file extensions should be executed as cgi scripts.
The third, fourth and fifth lines, just in case, specify the mime type of files with css, js, xml resolution. Do not confuse with the assignment of a header in the server's response to the request, as is done in the first two lines.
The sixth line of this site is needed if your site has content downloaded for users. If you add this line, then when accessing these files they will be offered to download them to a computer, and not like a bunch of plugins that even word open in the browser now in modern browsers.
I commented out the seventh line. This is a line in a voluntary-voluntary manner, all files from your server will run as php. It is better to use it only in separate folders, if necessary.
7. Adults and children know that archives weigh less ...
Useful when your pages load faster. Therefore, people came up with archived files. And then they thought and decided that you can also archive pages on websites and images. And do it imperceptibly for the user, but significantly reduce traffic and speed up page loading. Magic words have sounded, now we will discuss how this can be done.
Apache has two compression modules. Both are not default modules, so they may not necessarily be present with your provider. But as practice has shown in 99% of providers, one of them is worth it. The most common mod_deflate. To compress it using all the content on your site, add the following lines to .htaccess:
<ifModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript </ifModule> As you can see, we need to list the mime type of files that should be compressed. Here you can add videos and pictures, but it will give little sense. Because jpeg or gif are already compressed formats. Also avi or flv. You actually have nothing to win by pointing them out.
The second less popular module is mod_gzip. To enable compression with it, add these lines:
<IfModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$ mod_gzip_item_include mime ^text\.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image\.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </IfModule> This module can work with masks, which is undoubtedly a big plus. And the syntax is much more flexible than the previous one. But use it less often. And by compression, I can not even judge which module is better. I did not notice a strong difference in the tests.
8. Is it even faster?
Can. If you apply caching pages. Caching has both pluses and minuses, so you need to be prepared for this issue. For a dynamically updated website every 2-3 minutes, for example, a popular forum, you need to consider that the user must see the actual information. But any site has content that is more or less static. For example, the same pictures, or style files. Therefore, we need to use different caching of different content on the site. In html markup, we can always use meta tags. And through php we can set the server response headers. The question remains, how to deal with css, js, image, etc. etc.
Two modules can help us with this: mod_headers and mod_expires which can set headers in the server’s response and tell your browser what to cache. One of the modules usually stands with the provider, but as is the case with any module that is not included in the standard Apache assembly, no one will give you a 100% guarantee. Therefore, again in order to avoid a 500th error, the conditions for each of the modules are indicated.
<ifModule mod_headers.c> # html htm <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=43200" </FilesMatch> # css, javascript <FilesMatch "\.(js|css|txt)$"> Header set Cache-Control "max-age=604800" </FilesMatch> # <FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png)$"> Header set Cache-Control "max-age=2592000" </FilesMatch> # <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$"> Header unset Cache-Control </FilesMatch> </IfModule> Here is the syntax for mod_headers. I think the comments clearly what's what.
In this section, I turned off the caching of php files. Although in my opinion a small time interval of caching does not hurt them. 5-30 seconds is a time interval for which little changes. And many users like to use the back key. In order not to load the page for them a second time, but to pick it up from the cache, a reasonable cache interval is still appropriate.
In the second section, where the conditions for mod_expires go, I do just that - for php I set a small cache interval.
<ifModule mod_expires.c> ExpiresActive On # 5 ExpiresDefault "access plus 5 seconds" # ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" # css, javascript ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 604800 seconds" ExpiresByType application/javascript "access plus 604800 seconds" ExpiresByType application/x-javascript "access plus 604800 seconds" # html htm ExpiresByType text/html "access plus 43200 seconds" # xml ExpiresByType application/xhtml+xml "access plus 600 seconds" </ifModule> 9. Rules polite tone ...
In the process of upgrading your site, we often leave tails in the form of links that lead to the pages that we removed. Sometimes such links come from other sites or from search engines. In order not to lose users in a polite tone, it is considered to have your own pages for various types of errors. Including even server errors. For example, the standard message about the 500th error is very boring and gloomy, and it is unlikely that the user will want to visit your page again. But in htaccess there are tricks that can make even this page more friendly.
# Bad Rquest ErrorDocument 400 /400.html # Authorization Required ErrorDocument 401 /401.html # Forbidden ErrorDocument 403 /403.html # Not found ErrorDocument 404 /404.html # Method Not Allowed ErrorDocument 405 /405.html # Request Timed Out ErrorDocument 408 /408.html # Request URI Too Long ErrorDocument 414 /414.html # Internal Server Error ErrorDocument 500 /500.html # Not Implemented ErrorDocument 501 /501.html # Bad Gateway ErrorDocument 502 /502.html # Service Unavailable ErrorDocument 503 /503.html # Gateway Timeout ErrorDocument 504 /504.html For 400 errors, you can use dynamic pages on php. But for 500 it is better to do it on html and js. This part of the errors is usually associated with server errors (in most cases) and php or cgi usually do not work in this situation.
If you are too lazy to do so many pages, set the error page to the main page of your site or a site map.
All this you do exclusively for people. Search robots do not care if you have an error page or not. They see the server response with an error code and block your page in the search. So keep in mind, this is not a panacea. This is only courtesy to your audience and the image of your site.
10. To summarize
Connoisseurs understand that not all are described in this article. I have touched here only the surface of the iceberg. In fact, the possibilities of .htaccess are much more extensive than described in the article. But I did not pursue the goal to translate manaul on htaccess into Russian. All I wanted was to create a small backbone of the .htaccess file for those who had just begun to study this issue in order to save their time searching for information on the network.
As a result of all the manipulations, we should have received the following file:
Options All -ExecCGI -Indexes -Includes +FollowSymLinks <IfModule mod_rewrite.c> RewriteEngine on RewriteBase / RewriteCond %{HTTP_HOST} ^black-web RewriteRule (.*) http://www.black-web.ru/$1 [R=301,L] RewriteCond %{THE_REQUEST} ^[AZ]{3,9}\ /index\.php\ HTTP/ RewriteRule ^index\.php$ http://www.black-web.ru/ [R=301,L] </IfModule> DirectoryIndex index.php <IfModule mod_setenvif.c> SetEnv TZ Europe/Moscow </IfModule> ServerSignature Off #AddDefaultCharset UTF-8 <ifModule mod_php.c> php_value upload_max_filesize 32M php_value post_max_size 10M php_value default_charset utf-8 php_value max_execution_time 200 </ifModule> AddHandler application/x-httpd-php .html AddHandler cgi-script .pl .py .jsp .asp .htm .shtml .sh .cgi AddType application/x-javascript .js AddType text/css .css AddType text/xml .xml AddType application/octet-stream .doc .mov .avi .pdf .xls # ForceType application/x-httpd-php <ifModule mod_deflate.c> AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript </ifModule> <IfModule mod_gzip.c> mod_gzip_on Yes mod_gzip_dechunk Yes mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$ mod_gzip_item_include mime ^text\.* mod_gzip_item_include mime ^application/x-javascript.* mod_gzip_item_exclude mime ^image\.* mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.* </IfModule> <ifModule mod_headers.c> # html htm <FilesMatch "\.(html|htm)$"> Header set Cache-Control "max-age=43200" </FilesMatch> # css, javascript <FilesMatch "\.(js|css|txt)$"> Header set Cache-Control "max-age=604800" </FilesMatch> # <FilesMatch "\.(flv|swf|ico|gif|jpg|jpeg|png)$"> Header set Cache-Control "max-age=2592000" </FilesMatch> # <FilesMatch "\.(pl|php|cgi|spl|scgi|fcgi)$"> Header unset Cache-Control </FilesMatch> </IfModule> <ifModule mod_expires.c> ExpiresActive On # 5 ExpiresDefault "access plus 5 seconds" # ExpiresByType image/x-icon "access plus 2592000 seconds" ExpiresByType image/jpeg "access plus 2592000 seconds" ExpiresByType image/png "access plus 2592000 seconds" ExpiresByType image/gif "access plus 2592000 seconds" ExpiresByType application/x-shockwave-flash "access plus 2592000 seconds" # css, javascript ExpiresByType text/css "access plus 604800 seconds" ExpiresByType text/javascript "access plus 604800 seconds" ExpiresByType application/javascript "access plus 604800 seconds" ExpiresByType application/x-javascript "access plus 604800 seconds" # html htm ExpiresByType text/html "access plus 43200 seconds" # xml ExpiresByType application/xhtml+xml "access plus 600 seconds" </ifModule> # Bad Rquest ErrorDocument 400 /400.html # Authorization Required ErrorDocument 401 /401.html # Forbidden ErrorDocument 403 /403.html # Not found ErrorDocument 404 /404.html # Method Not Allowed ErrorDocument 405 /405.html # Request Timed Out ErrorDocument 408 /408.html # Request URI Too Long ErrorDocument 414 /414.html # Internal Server Error ErrorDocument 500 /500.html # Not Implemented ErrorDocument 501 /501.html # Bad Gateway ErrorDocument 502 /502.html # Service Unavailable ErrorDocument 503 /503.html # Gateway Timeout ErrorDocument 504 /504.html 11. Afterword.
I tried not to hurry in writing the article and it took almost a day. But still somewhere I could make mistakes in spelling or punctuation. Please do not execute, and mercy. And better to write in a personal, so I corrected the error.
And finally, for those who like experiments, a few lines of .htaccess. Judging by my own experience - in practice, knowledge is absorbed better than in theory.
Various interesting examples
# SECURE ____________________ <IfModule mod_ssl.c> SSLOptions +StrictRequire SSLRequireSSL SSLRequire %{HTTP_HOST} eq "black-web.ru" </IfModule> <IfModule mod_rewrite.c> RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </IfModule> # HOTLINKING ________________ <IfModule mod_rewrite.c> RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://([ -a-z0-9] \.)?black-web\.ru [NC] RewriteRule \.(gif|jpe?g|png)$ - [F,NC,L] </IfModule> # REDIRICT __________________ Redirect 301 /index.html /index.php <IfModule mod_rewrite.c> RewriteRule ^news/([^/\.]+)/?$ news.php?news=$1 [L] RewriteRule ^(.*\.((js)|(css)))$ plugin/GzipFile.php?file=$1 RewriteRule \.css$ plugin/GzipFile.php?file=$1 RewriteRule \.js$ plugin/GzipFile.php?file=$1 </IfModule> RedirectMatch 301 /blog(.*) http://www.black-web.ru/$1 PS
... For those who have succeeded, go to www.webpagetest.org to measure the beauty before and after.
Andrey_Zentavr
Who should take a fully ready .htaccess here
This file showed the highest performance on the tests.
Also, there are a lot of things commented out about what I did not mention in the article and what can be useful in certain cases.
Source: https://habr.com/ru/post/154643/
All Articles